FoxPro Payeezy 网关

Question

我有一个桌面应用程序 Foxpro 9.0 Executive，它需要连接到 Payeezy 并通过其 API 传输和接收 XML 数据。 我使用 WinHttpRequest.5.1 从 UPS 地址验证 API 发送和接收 XML 数据。但我似乎对 SHA-1 HMAC 哈希计算头有问题。谁能给我一些关于如何在 Foxpro 中完成此操作的示例代码？ https://support.payeezy.com/hc/en-us/articles/203731149-API-Security-HMAC-Hash

*api.demo.globalgatewaye4.firstdata.com
***************************
If Vartype(loReq)='U'
  Public loReq
ENDIF
lcURL='https://api-cert.payeezy.com/v1/transactions/v12'
lcPassWd ='Password'
lcExactID='ExactID'
lcKeyCode='Keycode'
ldDate=dtos(DATE())
lcDate=SUBSTR(ldDate,1,4)+'-'+SUBSTR(ldDate,5,2)+'-'+SUBSTR(ldDate,7,2)
ltTime=TIME()
lcDateTime=lcDate+'T'+TRANSFORM(ltTime)+'Z'
uri='transaction/v12'
lcTranstype='00'
lcAmount='1299.00'
lctype='visa'
lcname='John Smith'
lncc_no='4788250000028291'
lcExp_Date='1020'
lccvv='123'
lcAddress='21 Jump Street'
lcCity='Los Angeles'
lcZip='90210'
lcPhone='5557891234'
lcOrderno='12345678'
CustID='87654321'
lcTransactionType="00"
lcShip_Name="Customer Name"
XMLRequest='<?xml version="1.0" encoding="utf-8" ?>'+Chr(13)+;
  '<Transaction>'+Chr(13)+;
  '<Transaction_Type>'+lcTranstype+'</Transaction_Type>'+CHR(13)+;
  '<DollarAmount>'+lcAmount+'</DollarAmount>'+CHR(13)+;
  '<Expiry_Date>'+lcExp_Date+'</Expiry_Date>'+CHR(13)+;
  '<CardHolderName>'+lcname+'</CardHolderName>'+Chr(13)+;
  '<Reference_No>'+lcOrderno+'</Reference_No>'+CHR(13)+;
  '<Customer_Ref>'+CustID+'</Customer_Ref>'+CHR(13)+;
  '<Reference_3>'+lcname+'</Reference_3>'+CHR(13)+;
  '<ExactID>'+lcExactID+'</ExactID>'+CHR(13)+;
  '<Password>'+lcPassWd+ '</Password>'+CHR(13)+;
  '<Card_Number>'+lncc_no+'</Card_Number>'+chr(13)+; 
  '</Transaction>'
Hashme='POST'+chr(13)+'SOAP'+chr(13)+XMLRequest+chr(13)+lcDateTime+chr(13)+lcURL
baseHash=STRCONV(Hashme, 13)
loReq = Createobject('WinHttp.WinHttpRequest.5.1')
loReq.SetTimeouts(2500, 2500, 2500, 2500)
loReq.Open('POST', 'https://api-cert.payeezy.com/v1/transactions/v12', .F.)
loReq.SetCredentials(lcExactID, lcPassWd , 0)
loReq.SetRequestHeader('authorization', 'GGE4_API 14:'+lcKeyCode)
loReq.SetRequestHeader('x-gge4-content-sha1',baseHash )
loReq.SetRequestHeader('content-type', 'application/xml')
loReq.SetRequestHeader('accept', 'text/xml')
loReq.Send(XMLRequest)          
Xmltocursor(loReq.responsetext,'Payeezy')
loReq=""

Answer 1

您的代码将m.Hashme 的base64 编码填充到authorization 标头中。根据您告诉我们的内容，您似乎需要计算 m.Hashme 的 SHA-1 哈希并将哈希放入标头（在对其进行 base64 编码之后）。

Fox 没有内置 SHA-1 函数，因此您需要一个辅助来源。在 Fox 中使用 Win32 CryptAPI 是可能的，但那是不必要的混乱且相当痛苦。 FoxPro 基础类 (FFC) 中有 _crypt.vcx，但这并没有真正的帮助（和所有 FFC 一样，它也不适合生产使用）。

值得一提的是，这里有一个小的 .prg，可用于使用 Win32 CryptAPI 和 _crypt.vcx 计算哈希值（默认值：SHA1）：

#include WinCrypt.h

lparameters cData, nAlgorithmId

with createobject([CCryptAPIWrapper_])
   return .Hash(@m.cData, m.nAlgorithmId)
endwith   

*******************************************************************************
* _CryptAPI.hProviderHandle needs to be hacked to PROTECTED or PUBLIC
* and also most of the member functions called here

define class CCryptAPIWrapper_ as _CryptAPI of _crypt.vcx

   function Init

      * declare missing CryptAPI functions
      declare long CryptGetHashParam in WIN32API long, long, string@, long@, long

      return dodefault()

   procedure Destroy

      if not empty(this.hProviderHandle)
         this.CryptReleaseContext(this.hProviderHandle)
      endif

   function Hash (cData, nAlgorithmId)

      nAlgorithmId = evl(m.nAlgorithmId, dnALG_SID_SHA)

      local hHashContext, cHash

      hHashContext = 0
      cHash = .null.
      try
         this.CryptCreateHash(this.hProviderHandle, nAlgorithmId, 0, 0, @m.hHashContext)
         this.CryptHashData(m.hHashContext, m.cData, len(m.cData), 0)
         cHash = this.RetrieveHashFromContext(m.hHashContext)
      finally
         if not empty(m.hHashContext)
            this.CryptDestroyHash(m.hHashContext)
         endif
      endtry

      return m.cHash

   function RetrieveHashFromContext (hHashContext)

      local cHashSize, nXferSize

      cHashSize = replicate(chr(0), 4)
      nXferSize = len(m.cHashSize)
      CryptGetHashParam(m.hHashContext, dnHP_HASHSIZE, @m.cHashSize, @m.nXferSize, 0)

      assert m.nXferSize == 4

      local nHashSize, cHashData

      nHashSize = extract_UINT32_(m.cHashSize)
      nXferSize = m.nHashSize
      cHashData = space(m.nHashSize)
      CryptGetHashParam(m.hHashContext, dnHP_HASHVAL, @m.cHashData, @m.nXferSize, 0)

      assert m.nXferSize == m.nHashSize

      return m.cHashData

enddefine

*******************************************************************************
* note: BITOR() and BITLSHIFT() give a signed result -> can't use them here

function extract_UINT32_ (s)

   return asc(substr(m.s, 1, 1)) ;
        + asc(substr(m.s, 2, 1)) * 0x100 ;
        + asc(substr(m.s, 3, 1)) * 0x10000 ;
        + asc(substr(m.s, 4, 1)) * 0x1000000

在使用它之前，您需要破解_crypt.vcx，如类定义上方的注释所示，因为类库甚至是VFP9。此外，VFP 搜索路径需要包含 Fox 主目录及其子目录 FFC。

Answer 2

我在 First Data 的 Payeezy 团队工作。我看到在您发布的示例代码中，您混淆了我们的两个 API，我们的 REST API (https://api-cert.payeezy.com) 和我们基于 SOAP 的 API (api.demo.globalgatewaye4.firstdata.com)

如果您使用的是 REST API，那么这里是在 PHP 中生成 HMAC 的示例代码。

<?php
$apiKey = "<your api key>";
$apiSecret = "<your consumer secret>";
$nonce = "<Crypographically strong random number>";
$timestamp = "<Epoch timestamp in milli seconds>";
$token = "<Merchant Token>";
$payload = "<For POST - Request body / For GET - empty string>";
$data = $apiKey + $nonce + $timestamp + $token + $payload;
$hashAlgorithm = "sha256";

<!-- Make sure the HMAC hash is in hex -->
$hmac = hash_hmac ( $hashAlgorithm , $data , $apiSecret, false );

<!-- Authorization : base64 of hmac hash -->
$authorization = base64_encode($hmac);
ehco $authorization;
?>

如果您使用的是基于 SOAP 的 API，您可以在此处找到示例代码：https://support.payeezy.com/hc/en-us/articles/203731149-API-Security-HMAC-Hash